![](\"https:\/\/media.wired.com\/photos\/5d0c2bff1fb470226a125c83\/master\/pass\/security_minneapolis-police.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Louise Matsakis| Date: Fri, 21 Jun 2019 19:47:00 +0000<\/strong><\/p>\n In 2013, Amy <\/span>Krekelberg received an unsettling notice from Minnesota\u2019s Department of Natural Resources: An employee had abused<\/a> his access to a government driver\u2019s license database and snooped on thousands of people in the state, mostly women. Krekelberg learned that she was one of them.<\/p>\n When Krekelberg asked for an audit of accesses to her DMV records, as allowed by Minnesota state law<\/a>, she learned that her information\u2014which would include things like her address, weight, height, and driver\u2019s license pictures\u2014had been viewed nearly 1,000 times since 2003, even though she was never under investigation by law enforcement. In fact, Krekelberg was<\/em> law enforcement: She joined the Minneapolis Police Department in 2012, after spending eight years working elsewhere for the city, mostly as an officer for the Park & Recreation Board. She later learned that over 500 of those lookups were conducted by dozens of other cops. Even more eerie, many officers had searched for her in the middle of the night.<\/p>\n Krekelberg eventually sued the city of Minneapolis, as well as two individual officers, for violating the Driver\u2019s Privacy Protection Act, which governs the disclosure of personal information collected by state motor-vehicle departments. Earlier this week, her case prevailed. On Wednesday, a jury awarded Krekelberg $585,000, including $300,000 in punitive damages from the two defendants, who looked up Krekelberg\u2019s information after she allegedly rejected their romantic advances, according to court documents.<\/p>\n \u201cI think that the jury\u2019s verdict shows that people do take privacy quite seriously and that they take women\u2019s privacy seriously,\u201d says Sarah St. Vincent, a surveillance and national security researcher at Human Rights Watch who attended the trial<\/a>. She is studying similar cases across the country.<\/p>\n There have been dozens of lawsuits against Minneapolis and other Minnesota cities in recent years over alleged abuses of license databases. Most of the cases were settled<\/a> out of court<\/a> or dismissed; Krekelberg\u2019s is the only one to have gone to trial. Two of Krekelberg\u2019s lawyers, Sonia Miller-Van Oort and Jonathan Strauss, say that their client suffered harassment from her colleagues for years as the case proceeded, and that in at least one instance, other cops refused to provide Krekelberg with backup support. She now works a desk job.<\/p>\n \u201cWe are disappointed in this verdict, but the city takes very seriously the importance of data privacy,\u201d says Susan L. Segal, the Minneapolis city attorney. She stressed that the police department\u2019s policies have changed in recent years. Minneapolis employees are now required to enter a reason when they search DMV records. Previously, to learn to use the database, officers were encouraged to \u201cgo back to work and look up some of [their] friends and family members,\u201d says Segal. \u201cThere was not this awareness.\u201d<\/p>\n Minnesota did have at least one rare accountability measure in place: It kept a log of when the DMV database was searched, and citizens have the right<\/a> to request their file. Without that digital trail, Krekelberg likely wouldn\u2019t have had the evidence to bring a case. In many other states, similar protections don\u2019t exist, even for more advanced technologies, like facial recognition software<\/a>. Policies can differ greatly between police departments, says Kade Crockford, director of the Technology for Liberty program at the ACLU of Massachusetts. \u201cThere\u2019s virtually no uniformity,\u201d she says.<\/p>\n That makes it difficult for citizens to know when their information has been improperly accessed by the government, which happens not infrequently. A 2016 investigation<\/a> by the Associated Press found hundreds of instances where law enforcement officials misused confidential databases for personal purposes, like to dig up dirt on romantic partners, neighbors, and journalists. One Ohio officer ran checks on his ex-girlfriend, and pleaded guilty to stalking her. Two Miami-Dade officers looked up a reporter who published negative stories about their department.<\/p>\n \u201cI was a trooper for a long time and it was a common practice for troopers to run someone\u2019s name through the [Massachusetts criminal record] system for reasons besides law enforcement,\u201d Michael Szymanski, a former state trooper who was disciplined for abusing a police database, told CommonWealth Magazine<\/a> in May. \u201cI can\u2019t tell you how many times I saw troopers run their next-door neighbor through [the system], run their old girlfriends\u2019 names, or run someone who they\u2019re having a dispute with.\u201d<\/p>\n The problem goes beyond DMV and criminal records databases. Law enforcement officials have also been caught abusing technology<\/a> that allows them to monitor the location of people\u2019s cell phones. In April, a former Missouri sheriff was sentenced to six months in prison<\/a> for tracking a judge and members of the State Highway Patrol.<\/p>\n Employees at private tech companies have also abused their access to databases of sensitive user information. Uber settled a lawsuit<\/a> with the New York attorney general in 2016 over its \u201cGod View\u201d tool, which allowed employees to track the location of riders without their consent, including that of a Buzzfeed reporter<\/a>. Employees at Snapchat also may have misused an internal tool to spy on users, according to a recent Motherboard investigation<\/a>.<\/p>\n More lawmakers have started advocating for data privacy regulations at the state<\/a> and federal<\/a> level, but those conversations have mostly focused on reining in big tech companies, rather than information that public employees can access. \u201cIt\u2019s very hard for people to get any kind of redress for privacy violations,\u201d St. Vincent says.<\/p>\n